It's an oft-quoted fact that the difference in productivity between an expert software developer and a mediocre software developer is about two orders of magnitude. In other words, the expert delivers about 100 times more debugged code per man-hour than the wuss.
In an engineering discipline, this sort of delta in the range of what's considered "acceptable performance" is simply unheard of. An expert Electrical Engineer might deliver 3 to 4 times the correct circuitry designs than what the mediocre EE does.
There are a number of classic fields where the performance delta between okay and great is several orders of magnitude: music, painting, literature, photography, etc. That is to say, ART.
There is a great deal of engineering involved in writing computer software, but make no mistake about it: programmers are not engineers; they're artists through and through.
Programmers even get upset at the same kinds of criticism as other artists. (What do you mean you want me to write more comments, indent the code differently, and use descriptive variable names!? That's a little like asking a musician to mix the tracks differently and post-process the vocals.)
--
In fairness, it also depends on whether you're talking about programming in general or programming for a specific language. The skill delta in Visual Basic or Perl coders, for example, is not anywhere close to two orders of magnitude. The language either doesn't allow or pushes folks away from a huge number of bug classes.
The mediocre programmer is still mediocre, but the code is more likely to muddle through the mistakes with less impact on the end result. For example, a mistake with a buffer in C means that you segv (halting the program with no result) with a security risk if it's interfacing with an untrusted party. A mistake with a buffer in Perl means that you consume an obscene amount of memory in order to finish the run.
There was also a rumor spreading around Europe and Russia (primarily Germany and Russia) that the White House web page had been hacked. This rumor was false; the URL reported was http://www.whitehouse.net/index2.html
The rumor was enough to generate 4,600,000 hits in a 72-hour period that normally sees only 100,000.
I thought it was a DDOS until I analyzed the logs. It was about 75% folks linking from email and 25% folks linking from various web based message boards. About 60% went straight to index2.html while 40% went to the home page.
CD. I wonder how you could work around that problem. If people only hear one song on the radio, that's the song they'll buy.
You work around that problem by inserting authorized "radio quality" encodings into the P2P networks. An mp3 at 96kbps is good enough to figure out whether you like the song.
It seems weird to me that a music industry which pays radio stations to play their songs where anyone can trivially make a tape recording wouldn't go out of their way to release comparable quality recordings on the internet for exactly the same reason they push radio stations to play them!
to create a patch while keeping news of the issue from leaking to those who might exploit the vulnerability.
The debian version of the patch wasn't available yesterday. The whole point of delaying the announcement is to get the fix out there ahead of the knowledge of the vulnerability. I'd say their system for "working with vendors" needs some work.
And what exactly is the knowledge dissemination path here? This time the mass media spread knowledge far and wide that attention was needed. They'll get bored after a couple more of these and stop prominently reporting it. How does homeland security plan to get the message out then?
if you throttle the bastards back they'll end up using less
Less of which resource? My mail servers collectively move about 500,000 messages a day. The most scarce resources are # of processes and # of connections. If I deliberately throttle any of them by any noticeable amount, I'm going to double or triple my requirement for those resources.
Among spamming methods, there's about an even split. Half are direct-spamming from their dynamic dialup and the other half are relaying.
Your modern direct-spammer uses optimizing software which adds parallel connections to the limit of his bandwidth. He wants to push the maximum amount out before his account gets canned. Check your logs for the direct-spammer. His message already arrives slowly because he's saturating his link.
Your relay spammer will never notice that you're throttling him. You'll throttle the relay he's abusing, but so what? If the admin notices, he'll "fix" it with a reboot. His software likely supports parallel delivery of individual messages and he's usually on broadband or better. If his software were smart enough to throttle the number of connections to each individual server, it'd be smart enough not to relay in the first place. So, by throttling you're setting up a situation where he'll open one connection for each message he wants to send and sit there like that until you're done throttling him.
The only time throttling becomes interesting is if your server is the relay being abused. In every other case, it burns more resources than it saves... And if you've adequately secured your server then the odds are you're not the relay being abused.
Nonsense. The spammer will just run the connections in parallel. The slower they get the more he'll run. He already does this to some extent. All this will accomplish is to tie up resources on YOUR mail server.
Craig uses the analogy of the telephone: You can unplug a telephone and move it to another room and plug it in, and 99.9999 per cent of the time it will work. When we use it, we are pretty sure that we know who we are talking to, and we know we'll get a bill at the end of the month and we know what rate we'll be charged at, and we are protected by Oftel. That's the vision, and that's where we want to be.
Good lord, that's Microsoft's idea of trustworthy? At least 75% of the Verizon bills I audit at work are wrong, many to the tune of thousands of dollars. And don't get me started about the impossibility of figuring out whether the caller is a telemarketer before picking up the phone...
As I recall, the Pentium processor got slower as the ram increased over 128mb. Something to do with the caching strategy. The 486 had a similar problem somewhere between 16 and 32mb.
Tom's test system had 512mb of ram. That should more or less knock the pentium's performance down to the equivalent of having turned off the cache entirely.
The fact that no company has dared to test this in court yet should be convincing enough that lawyers don't see it this way.
Nonsense. At this point, the GPL itself has only been tried in the court of public opinion. To the best of my knowledge, not one of the numerous small companies that has refused to release code they allegedly should have under the GPL has been successfully sued, either by winning in court or by getting action after filing suit. In every case where code was subsequently released it was in response to the hate mail, not any legal threat.
No company has tried something like the method I posted because there is no point in jumping through hoops until the easier methods are proven not to work.
The GPL's hardest problem in court is one of standing to sue. Unless the copier offers the GPL license to the recipient, the recipient has no standing to sue over it. Whoever the copier got it from might have standing (as one party to that instance of the GPL contract), but how could you prove where they got it? You can't. As a result, only the documented authors would have provable standing as an injured party to file a lawsuit for infringement and/or breach of contract. Since these authors are generally dispersed and disorganized (the bazaar, not the cathedral) it's a huge burden on them to try to file suit.
Even if you get past that hurdle, the GPL is a shrink-wrap license. That makes successful suit for infringement vastly more likely than successful suit for breach of contract. Compelled compliance is only a remedy for breach, not for infringement. What remedy is imposed for infringement? Unless the specific work is under a registered copyright there are no punitive damages. Few GPL works are registered and the relative anonymity of the various authors would make registration difficult. Real damages? Showing real damages for free anything is exceptionally hard. The best the authors could realistically hope for after spending money and time in court is an injunction preventing further infringement.
So, after burning all that time and money the authors theoretically get an injunction against the company. I say theoretically because no one has gotten that far yet. How do you think the company responds? They switch to something like my method in the previous posts of course. No point in doing so sooner.
No, I'd argue the opposite of your statement. The fact that no authors have successfully sued under the terms of the GPL is convincing evidence of the futility in doing so.
The source code for a work means the preferred form of the work for making modifications to it.
I think you're missing one key point: WHOSE preferred form for making modifications. Your preferred form? My Preferred form? Richard Stallman's preferred form?
None of the above. The form in question is the copying entity's preferred form for making modifications. There may be dozens of predecessor works possessed by other entities but none of them matter. What matters is the "preferred form" of the work actually possessed by the copying entity.
In my second example, the only source code possessed by the copying entity is the assembly language source. Thus, if it is in fact source code then it is the "preferred form."
Truth is, the way the GPL is written you could almost get away with making that "preferred form" straight object code. A reasonable argument could be made that the "preferred form for making changes" redefined the term "source code" to have only that meaning in this contract. You'd just have to document that the entity possessed no superior form and that the entity made actual changes to that form.
I don't know that I'd call that method easy since there is more than one way that the unwary could shoot themselves in the foot and end up infringing. It is, however, obvious and quite doable.
That is only true, if the proprietary stuff is not a derivative work of the GPL stuff.
No argument there. I have yet to spy a hole where you can get away with not releasing the source to portions that aren't severable from the GPL part of the code. So, you're compelled to release your API code and your tweaks. <sarcasm>Darn.</sarcasm>
And, of course, this is where you are wrong. You just explained that in Step2, you are creating a secondary form. Well, then the primary form, the one you created the obfuscated assembly from, is the source, defined by the GPL as the "preferred form for making modifications to the work".
Thing is, that interpretation is counter to copyright law. According to the law, the derivative work is an entirely new work. It inherits restrictions from the original based on any license (or lack of license) received by whoever makes the changes, but the reverse is not true. For the GPL to apply to the predecessor work, the GPL would have to explicitly state that it applies to the predecessor work.
More correctly, the GPL would have to state that in order to accept the license the distributor would have to offer the linked works and all portions of all predecessor works that the linked work was derived from under the GPL. It doesn't.
What it does do is talk about the "preferred" source form. The intent is seemingly straightforward, but that's a nastily vague way of saying it. Two things about that clause are, however, clear: 1) It must be a form generally considered to be source code. 2) It can't be a form which was not available to the entity which first distributed the combined software.
So, if you want to be doubly sure, you add one layer to my example. Create a corporate entity B whose sole purpose is to receive derivative work A (but not the original work!) from the owner of the original work, compile and link it to the GPL code, and then release it.
Derivative work A is the preferred source because: 1) It is in fact a generally accepted form of source code. 2) It's the only source code available to corporate entity B when they combined it with the GPL part.
There are other ways to deal with the GPL contamination too. For example, you can distribute two separate media which the customer is instructed to combine and cautioned that the thus combined work can not be legally redistributed. One media contains the proprietary work and the other contains the GPL work. Since they're never actually distributed in a combined form, license is granted under the GPL for the GPL part without impacting the stuff on the non-GPL media.
An example of this would be a handheld using Linux code which required you to plug in a flash card containing the GPL part of the software before your first use.
It would be interesting to see what effect that would have on the first sale doctrine. Is the customer deemed an owner of one copy of the combined code which can be sold to another entity regardless of license encumbrance? That doesn't seem right, since that would blow another huge hole in the GPL.
GPL defines the source code as "the preferred form for making modifications to the work".
There is an obvious way around this in the build process. Obvious to me anyway.
Step 1: Segregate the sources. GPL part not allowed to contaminate the non-GPL part.
Step 2: Build the non-GPL part to a secondary source form (e.g. uncommented assembly with generic variable names). Be especially nasty by renaming the files to "a, b, c," etc and collapsing the source tree to a single directory. Or, hey, just lump it all into one big file.
Label this new work, "Derivative work A." License this new source code under the GPL.
Step 3: Combine "Derivative work A" with the GPL part and compile to object code.
Is "Derivative Work A" licensed under the GPL? Absolutely. If it wasn't, it wouldn't be legal to distribute it linked with other GPL code. The original? No! The original work is not distributed in any form, and is not contaminated by the GPL's requirements. But what about this "preferred source code" stuff? Derivative work A is the preferred source code because it's the only source code. The predecessor work was not combined with any GPL materials or distributed in object form with GPL materials. As long as Derivative work A is actually source code of some form (not object code) you're golden. If you're still not sure, make one or two by-hand changes to Derivative work A before compiling.
Presto. You have now released what might as well be object code, closed the "true" source, and still complied with the GPL.
Of course, it's also helpful if the original source form compiles to something useful with or without the GPL code. Judges aren't computers after all; they'll see exactly what you're pulling and if you leave an opening to call the works identical, they'll bust you for trying to throw a curve ball.
Rigging all of this in a form that the object code can't be redistributed without paying is an exercise left to the reader. Strong hints to the division between data and code, and the usefulness of code without a basic set of data.
You can walk into Walmart and buy cans of "Sam's" cola for well under half the price of Coke. It's nasty and it stains the cup.
Coke spends a tremendous amount of money on advertising, and more is eaten by the structural separation between the company and its bottlers. Even if the coca cola process was more expensive than the sam's cola process, a company like Walmart could undersell them if the formula was accurately known.
Why don't they? Because the formula and production process are guessed at (based on reverse engineering) but are not accurately known.
As to Soviet reverse-engineered technology being obsolete, that's techno-centric. Not every industry is improving at the same pace as computers and genetics.
Besides, the Soviets may have been only five years behind in what they *could* make, but they were far further behind in what they *did* make. The latter was the more deadly failure in their system.
Coca-cola's formula still hasn't been figured out last I checked. It's protected solely as a trade secret, which means anyone who could figure it out by reverse-engineering a can of soda could legally sell an identical soda. I think that would be a little more popular target for a chemical analysis.
Even if you can both figure out what's in Coke and get the proportions right, you still have to figure out a cost-effective manufacturing process which produces that result.
There was a separate attack coinciding with the DDoS. Large numbers of Chinese hosts attacked www.whitehouse.net, presumably by mistake (www.whitehouse.net!=www.whitehouse.gov). Elegant in its simplicity: they simply loaded the home page over and over and over again.
Starting around the same time, www.whitehouse.net began receiving about 100 times the normal requests for the home page and its associated graphics. Most of the offending hosts are in China though at least a few aren't. So far, there are at least 1000 distinct addresses spread across their entire IP space that reloaded the page at least 30 times.
I have no direct evidence this is related to the worm, but it begs coincidence.
www.whitehouse.net is a privately-owned parody of the US White House web site.
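The log triage described in the two www.whitehouse.net comments above (the referrer and landing-page breakdown of the rumor traffic, and the hosts that reloaded the home page at least 30 times), as an added example that is not part of the original comments. It assumes Apache combined log format; the host name www.example.test, the addresses and every log line are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format (assumed; the comments do not name the server).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

RELOAD_THRESHOLD = 30              # "reloaded the page at least 30 times"
HOME_PATHS = {"/", "/index.html"}  # assumption: what counts as the home page


def parse(lines):
    """Yield (host, path, referer) for every well-formed GET line."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and m["method"] == "GET":
            yield m["host"], m["path"].split("?", 1)[0], m["referer"]


def referer_class(referer, own_host):
    """none = no Referer sent (mail clients, typed URLs); internal = our own
    pages pulling in graphics; external = a link on some other site."""
    if referer in ("", "-"):
        return "none"
    host = (urlsplit(referer).hostname or "").lower()
    return "internal" if host == own_host else "external"


def summarize(lines, own_host="www.example.test"):
    """Separate hosts hammering the home page from ordinary arrivals, then
    break the arrivals down by landing page and by referrer class."""
    records = list(parse(lines))
    home_loads = Counter(h for h, p, _ in records if p in HOME_PATHS)
    reloaders = {h: n for h, n in home_loads.items() if n >= RELOAD_THRESHOLD}

    landing, source = Counter(), Counter()
    for host, path, referer in records:
        cls = referer_class(referer, own_host)
        if cls == "internal" or host in reloaders:
            continue  # embedded object, or a host already flagged above
        landing[path] += 1
        source[cls] += 1
    return {
        "requests": len(records),
        "reloaders": reloaders,
        "landing": dict(landing),
        "source": dict(source),
    }


def sample_log():
    """Constructed log lines; none of this is real traffic."""
    def line(host, path, referer="-"):
        return (f'{host} - - [01/Jan/2000:00:00:00 +0000] "GET {path} HTTP/1.0" '
                f'200 512 "{referer}" "constructed-agent"')

    board = "http://board.example.org/thread/7"
    own = "http://www.example.test/index2.html"
    lines = [line(f"192.0.2.{i}", "/index2.html") for i in (1, 2, 3)]
    lines += [
        line("192.0.2.4", "/"),
        line("192.0.2.5", "/index2.html", board),
        line("192.0.2.6", "/", board),
        line("192.0.2.1", "/logo.gif", own),   # graphic fetched by a page view
    ]
    lines += [line("198.51.100.9", "/")] * 35  # one host reloading the home page
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    result = summarize(sample_log())
    arrivals = sum(result["landing"].values())
    print("parsed GET requests:", result["requests"])
    print("hosts at or over the reload threshold:", result["reloaders"])
    for path, n in sorted(result["landing"].items()):
        print(f"landing {path}: {100 * n / arrivals:.0f}%")
    for cls, n in sorted(result["source"].items()):
        print(f"referrer {cls}: {100 * n / arrivals:.0f}%")
```

A spread of many hosts arriving once each with varied referrers points to a rumor-driven crowd; a small or large set of hosts each far over the reload threshold with no referrer points to the repeated-load pattern.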
I picked up a half a dozen or so old Pentium computers for dirt at the Arthur Andersen asset auction in DC last year. You know, the guys who audited Enron.
I figured they'd have removed the drives. Nope! Blanked them? Nope! In several cases, the PCs' former users had left only a few megs free on the 1.2 gig drives.
Now, I wouldn't know an incriminating document if it hit me in the ass. Nevertheless, if my company's books were audited by Arthur Andersen, I'd be pissed off that they didn't clear those drives.
I think the key problem is ISPs that do not block egress traffic on port 25.
If that's what you think, look deeper. Major ISPs work on Cisco routers, and Cisco access lists aren't efficient at blocking by TCP port. They work, but most (if not all) bump the traffic up to the main CPU to do the filtering. That doesn't cut it at high speeds.
Besides: barring a heavily custom mail system, the spammer could as easily send via the ISP's mail server and some do. Why burn money on the first phase of the problem without a ready solution to the second?
It is not too tough to set up an SMTP server to require authentication
Doesn't work out-of-the-box on most mail servers, and links to arbitrary external authentication mechanism on very few of them. If the sysadmin has to write code then you haven't found the solution yet.
We do "get it." It's called "vigilantism" and in a country based on law it's a bad idea. There's neither a need nor room for Wyatt Earp in the twenty-first century.
I don't see the problem. Patents are about usage, not duplication. They prevent usage of a device or technique without a license. The GPL is about duplication, not usage. It prevents/requires restrictions on duplication and redistribution in whole and in part.
Even if it weren't that way, the worst case scenario is you'd need a different "free" license than the GPL for the code which was patent encumbered. Folks, the GPL is not holy doctrine. It's a convenient way to gift code with more of an ability to force your morals on the recipient than public domain offers. It's nothing more.
File a complaint with the Better Business Bureau. It's easy, it's free, and they make sure it gets the attention of the right person at the company in question. With such a trivial complaint coming from the BBB, Yahoo'll take care of the problem faster than greased lightning.
Sounds to me like what you really need to do is replace fgets with fgetxml. fgets stops at the end of line. fgetxml would stop at the end of the next tag instead (i.e. stop at ">" instead of LF.) End-of-line has no meaning in an XML file, so why process it with line-oriented I/O?
Or has this already been tried?
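A bounded version of the tag-delimited read proposed above, as an added example that is not part of the original comment. The name fgetxml comes from the comment; its signature, the limit parameter, the TagTooLong exception and the sample bytes are assumptions, and it is written in Python rather than C.

```python
import io


class TagTooLong(ValueError):
    """No '>' was found within the allowed chunk size."""


def fgetxml(stream, limit=65536):
    """Read from a binary stream up to and including the next b'>'.

    Returns b'' at end of input (the analogue of fgets returning NULL).
    Data after the last '>' comes back as a final chunk without a '>'.
    The limit keeps hostile or broken input, which may never contain a
    '>', from growing the buffer without bound.
    """
    buf = bytearray()
    while len(buf) < limit:
        byte = stream.read(1)      # use a buffered stream for real files
        if not byte:
            return bytes(buf)      # end of input
        buf += byte
        if byte == b">":
            return bytes(buf)
    raise TagTooLong(f"no '>' within {limit} bytes")


def chunks(stream, limit=65536):
    """Yield successive fgetxml() results until end of input.

    These are framing units, not parsed elements: '>' may also occur
    inside attribute values, comments and CDATA sections, so a consumer
    still has to hand the chunks to a real XML parser.
    """
    while True:
        chunk = fgetxml(stream, limit)
        if not chunk:
            return
        yield chunk


# Constructed sample: line breaks fall inside a tag and inside text.
SAMPLE = b'<doc\n  id="1">first\nline</doc><empty/>tail'


def demo_chunks():
    """Chunk the constructed sample; line breaks do not split anything."""
    return list(chunks(io.BytesIO(SAMPLE)))


def demo_overlong():
    """True if input with no '>' is rejected instead of buffered whole."""
    try:
        fgetxml(io.BytesIO(b"<" + b"A" * 1000), limit=16)
    except TagTooLong:
        return True
    return False


if __name__ == "__main__":
    for c in demo_chunks():
        print(c)
    print("over-long input rejected:", demo_overlong())
```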
The amount of content required is IMMENSE.
Duh. That's why you don't try to build it yourself. Make a game in which the players build the world. And then encourage them to do so. I suppose this ties in with:
Everything You Know about Single-Player Games is Wrong
That's right Dave. One of the "wrong" things is the premise that the game creator creates the world. That doesn't work! The game creator has to create the rules of the universe and start the world. Then, if he expects to not be swamped, he has to sit back and let the players take it from there.
2) It's the only source code available to corporate entity B when they combined it with the GPL part.
There are other ways to deal with the GPL contamination too. For example, you can distribute two separate media which the customer is instructed to combine and cautioned that the thus combined work can not be legally redistributed. One medium contains the proprietary work and the other contains the GPL work. Since they're never actually distributed in a combined form, license is granted under the GPL for the GPL part without impacting the stuff on the non-GPL media.
An example of this would be a handheld using Linux code which required you to plug in a flash card containing the GPL part of the software before your first use.
It would be interesting to see what effect that would have on the first sale doctrine. Is the customer deemed an owner of one copy of the combined code which can be sold to another entity regardless of license encumbrance? That doesn't seem right, since that would blow another huge hole in the GPL.
GPL defines the source code as "the preferred form for making modifications to the work".
There is an obvious way around this in the build process. Obvious to me anyway.
Step 1: Segregate the sources. GPL part not allowed to contaminate the non-GPL part.
Step 2: Build the non-GPL part to a secondary source form (e.g. uncommented assembly with generic variable names). Be especially nasty by renaming the files to "a, b, c," etc and collapsing the source tree to a single directory. Or, hey, just lump it all into one big file.
Label this new work, "Derivative work A." License this new source code under the GPL.
Step 3: Combine "Derivative work A" with the GPL part and compile to object code.
Is "Derivative Work A" licensed under the GPL? Absolutely. If it wasn't, it wouldn't be legal to distribute it linked with other GPL code. The original? No! The original work is not distributed in any form, and is not contaminated by the GPL's requirements. But what about this "preferred source code" stuff? Derivative work A is the preferred source code because it's the only source code. The predecessor work was not combined with any GPL materials or distributed in object form with GPL materials. As long as Derivative work A is actually source code of some form (not object code) you're golden. If you're still not sure, make one or two by-hand changes to Derivative work A before compiling.
Presto. You have now released what might as well be object code, closed the "true" source, and still complied with the GPL.
Of course, it's also helpful if the original source form compiles to something useful with or without the GPL code. Judges aren't computers after all; they'll see exactly what you're pulling and if you leave an opening to call the works identical, they'll bust you for trying to throw a curve ball.
Rigging all of this in a form that the object code can't be redistributed without paying is an exercise left to the reader. Strong hints to the division between data and code, and the usefulness of code without a basic set of data.
You can walk into Walmart and buy cans of "Sam's" cola for well under half the price of Coke. It's nasty and it stains the cup.
Coke spends a tremendous amount of money on advertising, and more is eaten by the structural separation between the company and its bottlers. Even if the Coca-Cola process was more expensive than the Sam's cola process, a company like Walmart could undersell them if the formula was accurately known.
Why don't they? Because the formula and production process are guessed at (based on reverse engineering) but are not accurately known.
As to Soviet reverse-engineered technology being obsolete, that's techno-centric. Not every industry is improving at the same pace as computers and genetics.
Besides, the Soviets may have been only five years behind in what they *could* make, but they were far further behind in what they *did* make. The latter was the more deadly failure in their system.
Scroll down. The author of this page says flat out that he hasn't validated the information.
If it's true, this is your big chance to make up a batch [...] If you try it, let me know how it comes out.
Coca-Cola's formula still hasn't been figured out last I checked. It's protected solely as a trade secret, which means anyone who could figure it out by reverse-engineering a can of soda could legally sell an identical soda. I think that would be a little more popular target for a chemical analysis.
Even if you can both figure out what's in Coke and get the proportions right, you still have to figure out a cost-effective manufacturing process which produces that result.
There was a separate attack coinciding with the DDoS. Large numbers of Chinese hosts attacked www.whitehouse.net, presumably by mistake (www.whitehouse.net!=www.whitehouse.gov). Elegant in its simplicity: they simply loaded the home page over and over and over again.
Starting around the same time, www.whitehouse.net began receiving about 100 times the normal requests for the home page and its associated graphics. Most of the offending hosts are in China though at least a few aren't. So far, there are at least 1000 distinct addresses spread across their entire IP space that reloaded the page at least 30 times.
I have no direct evidence this is related to the worm, but it begs coincidence.
www.whitehouse.net is a privately-owned parody of the US White House web site.
Source samples with counts include:
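The per-source counting the post describes (sources that reloaded the home page at least 30 times, and how widely they are spread), as an added example that is not part of the original post. The Common Log Format input, the set of home-page paths, and the /16 grouping are assumptions; the log lines are constructed and use documentation address ranges.

```python
import ipaddress
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+)[^"]*" \d{3} ')
HOME_PATHS = {"/", "/index.html"}  # assumption: what counts as "the home page"

def build_sample_log():
    """Constructed sample log; not data from the post."""
    lines = []
    def hit(ip, path, n):
        for i in range(n):
            lines.append(f'{ip} - - [01/Jan/2000:00:00:{i % 60:02d} +0000] '
                         f'"GET {path} HTTP/1.0" 200 512')
    hit("192.0.2.10", "/", 45)             # repeated home-page reloads
    hit("198.51.100.7", "/index.html", 31)
    hit("203.0.113.5", "/", 3)             # ordinary visitor
    hit("203.0.113.5", "/about.html", 40)  # busy, but not on the home page
    lines.append("truncated or malformed line")
    return lines

def home_page_hits(lines):
    """Count home-page requests per source address, skipping unparsable lines."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        host, path = m.group(1), m.group(2).split("?", 1)[0]
        try:
            ipaddress.ip_address(host)     # ignore entries logged by hostname
        except ValueError:
            continue
        if path in HOME_PATHS:
            counts[host] += 1
    return counts

def flag_reloaders(lines, threshold=30):
    """Sources at or above the reload threshold, highest count first."""
    counts = home_page_hits(lines)
    return sorted(((n, ip) for ip, n in counts.items() if n >= threshold), reverse=True)

def spread_by_network(flagged, prefix=16):
    """How many flagged sources fall in each network of the given prefix length."""
    nets = Counter()
    for _, ip in flagged:
        nets[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return dict(nets)
```
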
Lots of good stuff.
I picked up a half a dozen or so old Pentium computers for dirt at the Arthur Andersen asset auction in DC last year. You know, the guys who audited Enron.
I figured they'd have removed the drives. Nope! Blanked them? Nope! In several cases, the PCs' former users had left only a few megs free on the 1.2 gig drives.
Now, I wouldn't know an incriminating document if it hit me in the ass. Nevertheless, if my company's books were audited by Arthur Andersen, I'd be pissed off that they didn't clear those drives.
I think the key problem is ISPs that do not block egress traffic on port 25.
If that's what you think, look deeper. Major ISPs work on Cisco routers, and Cisco access lists aren't efficient at blocking by TCP port. They work, but most (if not all) bump the traffic up to the main CPU to do the filtering. That doesn't cut it at high speeds.
Besides: barring a heavily custom mail system, the spammer could as easily send via the ISP's mail server and some do. Why burn money on the first phase of the problem without a ready solution to the second?
It is not too tough to set up an SMTP server to require authentication
Doesn't work out-of-the-box on most mail servers, and links to an arbitrary external authentication mechanism on very few of them. If the sysadmin has to write code then you haven't found the solution yet.
Three words for you: "Separate But Equal."
History will regard the Eldred decision as the court's first serious blunder in the twenty-first century. You heard it here first.
We do "get it." It's called "vigilantism" and in a country based on law it's a bad idea. There's neither a need nor room for Wyatt Earp in the twenty-first century.
I don't see the problem. Patents are about usage, not duplication. They prevent usage of a device or technique without a license. The GPL is about duplication, not usage. It prevents/requires restrictions on duplication and redistribution in whole and in part.
Even if it weren't that way, the worst case scenario is you'd need a different "free" license than the GPL for the code which was patent encumbered. Folks, the GPL is not holy doctrine. It's a convenient way to gift code with more of an ability to force your morals on the recipient than public domain offers. It's nothing more.
File a complaint with the Better Business Bureau. It's easy, it's free, and they make sure it gets the attention of the right person at the company in question. With such a trivial complaint coming from the BBB, Yahoo'll take care of the problem faster than greased lightning.